Company Overview
At IMS, we're transforming the way the world drives. As a leading provider of connected car and telematics solutions, we deliver cutting-edge services and analytics to insurers, governments, and enterprises worldwide.
Our cloud-based DriveSync platform is at the heart of what we do - an industry-recognized solution that empowers smarter decision-making and better driving outcomes. From enhancing road safety to enabling intelligent mobility strategies, our technology is designed to make driving safer and smarter for everyone, from global insurers to local governments and everyday drivers.
Description
At IMS, we’re on a mission to make driving safer and smarter through connected car and telematics innovation.
The Associate Information Security Compliance Officer (AISCO) is an important member of the IMS Information Security team, assisting in safeguarding the company’s data, infrastructure, and digital assets. This role helps to ensure that IMS’s security framework aligns with ISO, industry best practices, and legal and regulatory requirements. The AISCO will help carry out security audits, policy review, incident management, and continuous improvement of IMS’s cybersecurity posture along with adherence and adoption of relevant market regulations.
This position requires a blend of technical expertise, analytical research and thinking skills, and good, clear communication with the confidence to collaborate with various stakeholders across the organisation. The ideal candidate will be a proactive problem solver who can identify risks, recommend solutions, and assist in the implementation of security controls to protect IMS’s global technology ecosystem.
In this role, you will be responsible for:
Security Compliance & Risk Management
1. Assist in the development, implementation, and enforcement of information security policies, standards, and procedures in compliance with ISO, GDPR, NIST, and SOC frameworks.
2. Conduct internal security audits and coordinate external audits to assess compliance and effectiveness of security controls.
3. Perform privacy impact assessments in line with regulatory requirements.
4. Identify and assess cybersecurity risks across IMS systems and recommend appropriate remediation actions.
5. Maintain all InfoSec framework certifications, ensuring compliance with regulatory and customer requirements.
6. Collaborate with legal and compliance teams to ensure IMS meets data privacy laws and security regulations across different jurisdictions.
Incident Detection, Response & Management
7. Monitor network and system logs for security incidents, unauthorized access, or vulnerabilities.
8. Investigate security breaches, analyse attack vectors, and document security incidents, including impact assessments and recommended mitigations.
9. Maintain incident response plans (IRPs) to ensure rapid and effective response to security events.
10. Coordinate forensic analysis and liaise with law enforcement or regulatory agencies when required.
11. Ensure security alerts are appropriately triaged, investigated, and escalated following IMS security protocols.
Third-Party Security Assessments
12. Conduct risk assessments and security audits for IMS’s third-party vendors, partners, and suppliers.
13. Work with external security consultants to evaluate and approve new third-party integrations.
14. Ensure third parties comply with IMS’s security and data protection requirements before onboarding.
15. Review and update vendor security contracts, ensuring alignment with IMS security standards.
Customer Security Assessments
16. Complete security questionnaires and assessments from current and prospective clients.
17. Facilitate remote and onsite data privacy audits with IMS customers.
18. Review contractual security clauses and verify operational adherence.
Security Operations & Infrastructure Protection
19. Oversee the implementation and operation of firewalls, intrusion detection systems (IDS), endpoint protection, data loss protection (DLP) tools, and other security solutions.
20. Work closely with IT and DevOps teams to ensure secure cloud architecture and adherence to IAM (Identity & Access Management) policies.
21. Maintain encryption, access control, and authentication protocols to secure sensitive data.
22. Assist with the co-ordination of regular penetration testing and vulnerability scanning to assess security posture.
23. Monitor emerging cybersecurity threats and recommend updates to IMS security technologies and defences.
24. Oversee the continual development and testing of Business Continuity (BC) and Disaster Recovery (DR) plans.
Policy Development & Employee Training
25. Assist with the update of information security policies, ensuring they reflect evolving threats and business needs.
26. Conduct company-wide security awareness training to educate employees on best practices, phishing prevention, and data protection.
27. Serve as an internal security advisor, providing guidance to IT teams, leadership, and employees on secure operations.
28. Check for adherence to secure coding practices for IMS software development teams.
Continuous Improvement & Industry Trends
29. Stay informed on the latest cybersecurity trends, threats, and evolving regulatory requirements.
30. Research and suggest innovative security technologies to enhance IMS’s resilience against cyber threats.
31. Drive security automation and orchestration where possible to improve response times and reduce manual processes.
Requirements:
32. Good knowledge of cybersecurity frameworks such as ISO, NIST, SOC, and GDPR compliance.
33. A Cyber Security qualification, or a relevant Insurance Compliance qualification related to GDPR and security.
34. A basic understanding of the function of network security tools, anti-virus/malware, SIEM systems, firewalls, and intrusion detection systems.
35. Ability to deliver security reports and communicate security concepts to technical and non-technical audiences.
36. Good organisational skills with the ability to prioritise and manage multiple security initiatives.
Bonus Qualifications & Experience:
37. ISO ISMS certification (Lead Internal Auditor or Lead Implementer).
38. Knowledge of cloud security (AWS, Azure, Google Cloud) and secure DevOps practices.
39. Experience working with SOC audits and GDPR compliance programs.
40. Hands-on experience with incident response and forensics.
41. Understanding of zero-trust security models, identity management, and endpoint security.
42. Experience working in a regulated environment that requires practical application of GDPR and information security.
43. Background in IT administration, networking, or software security engineering.
Why should you join us?
- Flexible remote working options
- Opportunity to work within a global team
- We’re an innovative technology leader with plans for growth in the global telematics industry. These are some exciting times!
- Company-paid health benefits program.
- Pension scheme with salary sacrifice option.
- Flexible holiday policy to really make the most of your time and wellbeing
- 'Work from Anywhere' Policy - work almost anywhere in the world for days per year!
- Paid volunteering days
- Employee Assistance Program
- Enhanced maternity/paternity leave
- Employee Recognition Hub
Even if you do not meet all of the above criteria, please consider applying! If you have any questions, do not hesitate to get in touch with our HR team, at
IMS is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.